#34408 closed Bug (invalid)

Authorization in Custom Authentication Backend does not work — at Version 1

Reported by: Vivek Kumar Singh Owned by: nobody
Component: contrib.auth Version: 4.1
Severity: Normal Keywords: authentication, authorization
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by Tim Graham)

I was experimenting with has_perm and user_can_authenticate functions in my custom authentication backend when I found out these function aren't even executing during the Authentication process. I tries putting print statements but there was no output in the log screen. I also tried using example suggested in Django Documentation (https://docs.djangoproject.com/en/4.1/topics/auth/customizing/#handling-authorization-in-custom-backends) but it still didn't work.

Here is my code:

class EmailBackend(BaseBackend):
    def authenticate(self, request, username=None, password=None):
        try:
            user = User.objects.get(email=username)
            if user.check_password(password):
                return user
            return None
        except User.DoesNotExist:
            return None

    
    def get_user(self, user_id):
        try:
            return User.objects.get(pk=user_id)

        except User.DoesNotExist:
            return None

    def has_perm(self, user_obj, perm, obj=None):
        print("hello")
        return True

and logs

[12/Mar/2023 00:01:05] "GET /login HTTP/1.1" 200 861
[12/Mar/2023 00:01:16] "POST /login HTTP/1.1" 302 0
[12/Mar/2023 00:01:16] "GET / HTTP/1.1" 200 370

as you can see there was no output saying "hello".
please explain what is the use of has_perm and other authorization functions in django anyway.

Change History (1)

comment:1 by Tim Graham, 21 months ago

Description: modified (diff)
Resolution: invalid
Status: newclosed

This looks like a lack of understanding rather than a bug report. Please spend more time reading the code and documentation to understand how it works. After that, if you have a specific documentation enhancement proposal, feel free to offer it.

Note: See TracTickets for help on using tickets.
Back to Top